<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
  <TITLE>tracetcp</TITLE>
  <LINK REV="made" HREF="mailto:">
  <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8">
  <META NAME="generator" CONTENT="NoteTab Light 4.95">
  <META NAME="author" CONTENT="">
  <META NAME="description" CONTENT="">
  <META NAME="keywords" CONTENT="">
</HEAD>

<BODY BGCOLOR="#000050" TEXT="#000000" LINK="#0000FF" VLINK="#800080" ALINK="#FF0000">

<TABLE ALIGN="center" BGCOLOR="#909090" BORDER="0" CELLSPACING="10" CELLPADDING="5" WIDTH="100%">
  <TR ALIGN="center" VALIGN="middle">
    <TD ALIGN="left" VALIGN="top" WIDTH = "200" BGCOLOR="#e0e0f0">
      <!-- Sets up an IFRAME that conatins the common menu for the whole site. -->
	<IFRAME SRC="tracetcp_menu.html" ALIGN="top" WIDTH = "200" HEIGHT = "600" FRAMEBORDER="0"></IFRAME>
    </TD>

    <TD ALIGN="left" VALIGN="top" BGCOLOR="#e0e0f0">
      <h3>Detect a blocked port</h3>
<!-- Descriptive text. -->

<p>
Here is a standard trace on port 80:
</p>

<!-- end Descriptive text. -->


<!-- Program output. -->
<TABLE ALIGN="center" BORDER="1" CELLSPACING="0" CELLPADDING="5" WIDTH="95%" BGCOLOR="#ffffff" >
  <TR>
   <TD>
    <PRE>$ tracetcp www.ebay.co.uk

Tracing route to 66.135.192.41 [www.ebay.co.uk] on port 80
Over a maximum of 30 hops.
1       1 ms    1 ms    2 ms    192.168.0.1     [wintermute]
2       10 ms   9 ms    11 ms   10.78.128.1
3       10 ms   11 ms   8 ms    62.30.193.33    [gsr01-so.blueyonder.co.uk]
4       10 ms   9 ms    10 ms   172.18.14.45
5       14 ms   13 ms   14 ms   172.18.14.62
6       12 ms   13 ms   14 ms   194.117.136.18  [tele2-witt-pos.telewest.net]
7       12 ms   12 ms   14 ms   166.63.222.37   [zcr1-so-5-0-0.Londonlnt.cw.net]
8       182 ms  164 ms  164 ms  208.172.146.100 [dcr2-loopback.SantaClara.cw.net]
9       163 ms  163 ms  164 ms  208.172.156.198 [bhr1-pos-0-0.SantaClarasc8.cw.net]
10      165 ms  165 ms  167 ms  66.35.194.50    [csr1-ve243.SantaClarasc8.cw.net]
11      165 ms  165 ms  164 ms  66.35.212.190
12      168 ms  169 ms  169 ms  66.135.207.253
13      166 ms  169 ms  171 ms  66.135.207.174
14      *       *       *       Request timed out.
15      Destination Reached in 170 ms. Connection established to 66.135.192.41
Trace Complete.</PRE>
   </TD>
  </TR>
</TABLE>
<!-- End Program output. -->

<p>
If we do the same trace but this time we use port 135 we can see that it is blocked after hop 2. This block was put in place by my ISP  to try to limit the damage being caused by a worm, that spread by exploiting a vulnerability in DCOM.
</p>

<!-- Program output. -->
<TABLE ALIGN="center" BORDER="1" CELLSPACING="0" CELLPADDING="5" WIDTH="95%" BGCOLOR="#ffffff" >
  <TR>
   <TD>
    <PRE>$ tracetcp www.ebay.co.uk:135

Tracing route to 66.135.192.41 [www.ebay.co.uk] on port 135
Over a maximum of 30 hops.
1       1 ms    1 ms    1 ms    192.168.0.1     [wintermute]
2       10 ms   13 ms   9 ms    10.78.128.1
3       *       *       *       Request timed out.
4       *       *       *       Request timed out.
5       *       *       *       Request timed out.
6 ... continues until maximum number of hops reached.</PRE>
   </TD>
  </TR>
</TABLE>
<!-- End Program output. -->

  </TD>
 </TR>
</TABLE>
</BODY>
</HTML>
